- Wireshark 1.99.6 Release Notes
+Wireshark 2.9.1 Release Notes
- This is an experimental release intended to test new features for
- Wireshark 2.0.
- __________________________________________________________________
+ This is an experimental release intended to test new features for
+ Wireshark 3.0.
-What is Wireshark?
+ What is Wireshark?
- Wireshark is the world's most popular network protocol analyzer. It is
- used for troubleshooting, analysis, development and education.
- __________________________________________________________________
+ Wireshark is the world’s most popular network protocol analyzer. It is
+ used for troubleshooting, analysis, development and education.
-What's New
+ What’s New
+
+ Many user interface improvements have been made. See the “New and
+ Updated Features” section below for more details.
+
+ Bug Fixes
+
+ The following bugs have been fixed:
+
+ Dumpcap might not quit if Wireshark or TShark crashes. (Bug 1419[1])
New and Updated Features
The following features are new (or have been significantly updated)
- since version 1.99.4 and 1.99.5:
- * Qt port:
- + Capture restarts are now supported.
- + Menu items for plugins are now supported.
- + Extcap interfaces are now supported.
- + The Expert Information dialog has been added.
- + Display and capture filter completion is now supported.
- + Many bugs have been fixed.
- + Translations have been updated.
+ since version 2.9.0:
- The following features are new (or have been significantly updated)
- since version 1.99.3:
- * Qt port:
- + Several interface bugs have been fixed.
- + Translations have been updated.
+ • Wireshark now supports the Swedish and Ukrainian language.
- The following features are new (or have been significantly updated)
- since version 1.99.2:
- * Qt port:
- + Several bugs have been fixed.
- + You can now open a packet in a new window.
- + The Bluetooth ATT Server Attributes dialog has been added.
- + The Coloring Rules dialog has been added.
- + Many translations have been updated. Chinese, Italian and
- Polish translations are complete.
- + General user interface and usability improvements.
- + Automatic scrolling during capture now works.
- + The related packet indicator has been updated.
+ • Initial support for using PKCS #11 tokens for RSA decryption in
+ TLS. A configuration user interface is still in development.
The following features are new (or have been significantly updated)
- since version 1.99.1:
- * Qt port:
- + The welcome screen layout has been updated.
- + The Preferences dialog no longer crashes on Windows.
- + The packet list header menu has been added.
- + Statistics tree plugins are now supported.
- + The window icon is now displayed properly in the Windows
- taskbar.
- + A packet list an byte view selection bug has been fixed
- ([1]Bug 10896)
- + The RTP Streams dialog has been added.
- + The Protocol Hierarchy Statistics dialog has been added.
+ since version 2.6.0:
- The following features are new (or have been significantly updated)
- since version 1.99.0:
- * Qt port:
- + You can now show and hide toolbars and major widgets using the
- View menu.
- + You can now set the time display format and precision.
- + The byte view widget is much faster, particularly when
- selecting large reassembled packets.
- + The byte view is explorable. Hovering over it highlights the
- corresponding field and shows a description in the status bar.
- + An Italian translation has been added.
- + The Summary dialog has been updated and renamed to Capture
- File Properties.
- + The VoIP Calls and SIP Flows dialogs have been added.
- + Support for HiDPI / Retina displays has been improved in the
- official packages.
- * DNS stats: + A new stats tree has been added to the Statistics
- menu. Now it is possible to collect stats such as qtype/qclass
- distribution, number of resource record per response section, and
- stats data (min, max, avg) for values such as query name length or
- DNS payload.
- * HPFEEDS stats: + A new stats tree has been added to the statistics
- menu. Now it is possible to collect stats per channel (messages
- count and payload size), and opcode distribution.
- * HTTP2 stats: + A new stats tree has been added to the statistics
- menu. Now it is possible to collect stats (type distribution).
+ • The Windows .exe installers now ship with Npcap instead of
+ WinPcap.
- The following features are new (or have been significantly updated)
- since version 1.12.0:
- * The I/O Graph in the Gtk+ UI now supports an unlimited number of
- data points (up from 100k).
- * TShark now resets its state when changing files in ring-buffer
- mode.
- * Expert Info severities can now be configured.
- * Wireshark now supports external capture interfaces. External
- capture interfaces can be anything from a tcpdump-over-ssh pipe to
- a program that captures from proprietary or non-standard hardware.
- This functionality is not available in the Qt UI yet.
- * Qt port:
- + The Qt UI is now the default (program name is wireshark).
- + A Polish translation has been added.
- + The Interfaces dialog has been added.
- + The interface list is now updated when interfaces appear or
- disappear.
- + The Conversations and Endpoints dialogs have been added.
- + A Japanese translation has been added.
- + It is now possible to manage remote capture interfaces.
- + Windows: taskbar progress support has been added.
- + Most toolbar actions are in place and work.
- + More command line options are now supported
+ • Conversation timestamps are supported for UDP/UDP-Lite protocols
- New Protocol Support
+ • TShark now supports the -G elastic-mapping option which generates
+ an ElasticSearch mapping file.
- (LISP) TCP Control Message, AllJoyn Reliable Datagram Protocol, Android
- ADB, Android Logcat text, Apache Tribes Heartbeat, BGP Monitoring
- Prototol (BMP), C15 Call History Protocol dissection (C15ch), ceph,
- corosync/totemnet corosync cluster engine ( lowest
- levelencryption/decryption protocol), corosync/totemsrp corosync
- cluster engine ( totem single ring protocol), Couchbase, CP "Cooper"
- 2179, DJI UAV Drone Control Protocol, Dynamic Source Routing (RFC
- 4728), Elasticsearch, ETSI Card Application Toolkit - Transport
- Protocol, Generic Network Virtualization Encapsulation (Geneve),
- Geospatial and Imagery Access Service (GIAS), GVSP GigE Vision (TM)
- Streaming Protocol, HCrt, HiQnet, IP Detail Record (IPDR), IPMI Trace,
- iSER, KNXnetIP, MACsec Key Agreement - EAPoL-MKA, MCPE (Minecraft
- Pocket Edition), OCFS2, OptoMMP, QNEX6 (QNET), RakNet games library,
- Remote Shared Virtual Disk - RSVD, Riemann, S7 Communication, Secure
- Socket Tunnel Protocol (SSTP), Shared Memory Communications - RDMA,
- Stateless Transport Tunneling, Thrift, Video Services over IP (VSIP),
- and ZVT Kassenschnittstelle
+ • The “Capture Information” dialog has been added back (Bug
+ 12004[2]).
- Updated Protocol Support
+ • The Ethernet and IEEE 802.11 dissectors no longer validate the
+ frame check sequence (checksum) by default.
- Too many protocols have been updated to list here.
+ • The TCP dissector gained a new “Reassemble out-of-order segments”
+ preference to fix dissection and decryption issues in case TCP
+ segments are received out-of-order. See the User’s Guide, chapter
+ TCP Reassembly for details.
- New and Updated Capture File Support
+ • Decryption support for the new WireGuard dissector (Bug 15011[3],
+ requires Libgcrypt 1.8).
- 3GPP Nettrace TS 34 423, Android Logcat text files, Colasoft Capsa
- files, Netscaler 3.5, and Wireshark now supports nanosecond timestamp
- resolution in PCAP-NG files.
+ • The BOOTP dissector has been renamed to DHCP. With the exception
+ of “bootp.dhcp”, the old “bootp.*” display filter fields are
+ still supported but may be removed in a future release.
- New and Updated Capture Interfaces support
+ • The SSL dissector has been renamed to TLS. As with BOOTP the old
+ “ssl.*” display filter fields are supported but may be removed in
+ a future release.
- and Androiddump - provide interfaces to capture (Logcat and Bluetooth)
- from connected Android devices
+ • Coloring rules, IO graphs, Filter Buttons and protocol preference
+ tables can now be copied from other profiles using a button in
+ the corresponding configuration dialogs.
- Major API Changes
+ • APT-X has been renamed to aptX.
- The libwireshark API has undergone some major changes:
- * The emem framework (including all ep_ and se_ memory allocation
- routines) has been completely removed in favour of wmem which is
- now fully mature.
- * The (long-since-broken) Python bindings support has been removed.
- If you want to write dissectors in something other than C, use Lua.
- * Plugins can now create GUI menu items.
- __________________________________________________________________
+ • When importing from hex dump, it’s now possible to add an
+ ExportPDU header with a payload name. This calls the specific
+ dissector directly without lower protocols.
-Getting Wireshark
+ • The sshdump and ciscodump extcap interfaces can now use a proxy
+ for the SSH connection.
- Wireshark source code and installation packages are available from
- [2]https://www.wireshark.org/download.html.
+ • Dumpcap now supports the -a packets:NUM and -b packets:NUM
+ options.
- Vendor-supplied Packages
+ • Wireshark now includes a “No Reassembly” configuration profile.
- Most Linux and Unix vendors supply their own Wireshark packages. You
- can usually install or upgrade Wireshark using the package management
- system specific to that platform. A list of third-party packages can be
- found on the [3]download page on the Wireshark web site.
- __________________________________________________________________
+ • Wireshark now supports the Russian language.
+
+ • The build system now supports AppImage packages.
-File Locations
+ • The Windows installers now ship with Qt 5.12.0. Previously they
+ shipped with Qt 5.9.7.
- Wireshark and TShark look in several different locations for preference
- files, plugins, SNMP MIBS, and RADIUS dictionaries. These locations
- vary from platform to platform. You can use About->Folders to find the
- default locations on your system.
- __________________________________________________________________
+ • Support for DTLS and TLS decryption using pcapng files that embed
+ a Decryption Secrets Block (DSB) containing a TLS Key Log (Bug
+ 15252[4]).
-Known Problems
+ • The editcap utility gained a new --inject-secrets option to
+ inject an existing TLS Key Log file into a pcapng file.
- Dumpcap might not quit if Wireshark or TShark crashes. ([4]Bug 1419)
+ • A new dfilter function string() has been added. It allows the
+ conversion of non-string fields to strings so string functions
+ (as contains and matches) can be used on them.
- The BER dissector might infinitely loop. ([5]Bug 1516)
+ Removed Features and Support
- Capture filters aren't applied when capturing from named pipes. ([6]Bug
- 1814)
+ • The legacy (GTK+) user interface has been removed and is no
+ longer supported.
- Filtering tshark captures with read filters (-R) no longer works.
- ([7]Bug 2234)
+ • Wireshark requires Qt 5.2 or later. Qt 4 is no longer supported.
- Resolving ([8]Bug 9044) reopens ([9]Bug 3528) so that Wireshark no
- longer automatically decodes gzip data when following a TCP stream.
+ • Wireshark requires GLib 2.32 or later.
- Application crash when changing real-time option. ([10]Bug 4035)
+ • Wireshark requires GnuTLS 3.2 or later as optional dependency.
- Hex pane display issue after startup. ([11]Bug 4056)
+ • Building Wireshark requires Python 3.4 or newer, Python 2.7 is
+ unsupported.
+
+ • Building Wireshark requires CMake. Autotools is no longer
+ supported.
+
+ • TShark’s -z compare option was removed.
+
+ New File Format Decoding Support
+
+ Ruby Marshal format
+
+ New Protocol Support
+
+ Apple Wireless Direct Link (AWDL), Basic Transport Protocol (BTP),
+ BLIP Couchbase Mobile (BLIP), CDMA 2000, Circuit Emulation Service
+ over Ethernet (CESoETH), Cisco Meraki Discovery Protocol (MDP),
+ Distributed Ruby (DRb), DXL, E1AP (5G), EVS (3GPP TS 26.445 A.2 EVS
+ RTP), Exablaze trailers, General Circuit Services Notification
+ Application Protocol (GCSNA), GeoNetworking (GeoNw), GLOW Lawo
+ Emberplus Data format, Great Britain Companion Specification (GBCS)
+ used in the Smart Metering Equipment Technical Specifications
+ (SMETS), GSM-R (User-to-User Information Element usage),
+ HI3CCLinkData, Intelligent Transport Systems (ITS) application level,
+ ISO 13400-2 Diagnostic communication over Internet Protocol (DoIP),
+ ITU-t X.696 Octet Encoding Rules (OER), Local Number Portability
+ Database Query Protocol (ANSI), MsgPack, NGAP (5G), NR (5G) PDCP,
+ Osmocom Generic Subscriber Update Protocol (GSUP), PCOM protocol,
+ PKCS#10 (RFC2986 Certification Request Syntax), PROXY (v2), S101 Lawo
+ Emberplus transport frame, Secure Reliable Transport Protocol (SRT),
+ Spirent Test Center Signature decoding for Ethernet and FibreChannel
+ (STCSIG, disabled by default), Sybase-specific portions of TDS,
+ systemd Journal Export, TeamSpeak 3 DNS, TPM 2.0, Ubiquiti Discovery
+ Protocol (UBDP), WireGuard, XnAP (5G), and Z39.50 Information
+ Retrieval Protocol
+
+ Updated Protocol Support
+
+ Too many protocols have been updated to list here.
+
+ New and Updated Capture File Support
+
+ RFC 7468 (PEM), Ruby marshal object files, systemd Journal Export,
+ and Unigraf DPA-400 DisplayPort AUX channel monitor
+
+ New and Updated Capture Interfaces support
+
+ dpauxmon, an external capture interface (extcap) that captures
+ DisplayPort AUX channel data from linux kernel drivers.
+
+ sdjournal, an extcap that captures systemd journal entries.
+
+ Major API Changes
+
+ • Lua: the various logging functions (debug, info, message, warn
+ and critical) have been removed. Use the print function instead
+ for debugging purposes.
+
+ • Lua: on Windows, file-related functions such as dofile now assume
+ UTF-8 paths instead of the local code page. This is consistent
+ with Linux and macOS and improves compatibility on non-English
+ systems. (Bug 15118[5])
+
+ Getting Wireshark
+
+ Wireshark source code and installation packages are available from
+ https://www.wireshark.org/download.html[6].
+
+ Vendor-supplied Packages
+
+ Most Linux and Unix vendors supply their own Wireshark packages. You
+ can usually install or upgrade Wireshark using the package management
+ system specific to that platform. A list of third-party packages can
+ be found on the download page[7] on the Wireshark web site.
- Packet list rows are oversized. ([12]Bug 4357)
+ File Locations
- Wireshark and TShark will display incorrect delta times in some cases.
- ([13]Bug 4985)
+ Wireshark and TShark look in several different locations for
+ preference files, plugins, SNMP MIBS, and RADIUS dictionaries. These
+ locations vary from platform to platform. You can use About→Folders to
+ find the default locations on your system.
- The 64-bit version of Wireshark will leak memory on Windows when the
- display depth is set to 16 bits ([14]Bug 9914)
+ Getting Help
- Wireshark should let you work with multiple capture files. ([15]Bug
- 10488)
- __________________________________________________________________
+ The User’s Guide, manual pages and various other documentation can be
+ found at https://www.wireshark.org/docs/[8]
-Getting Help
+ Community support is available on Wireshark’s Q&A site[9] and on the
+ wireshark-users mailing list. Subscription information and archives
+ for all of Wireshark’s mailing lists can be found on the web site[10].
- Community support is available on [16]Wireshark's Q&A site and on the
- wireshark-users mailing list. Subscription information and archives for
- all of Wireshark's mailing lists can be found on [17]the web site.
+ Bugs and feature requests can be reported on the bug tracker[11].
- Official Wireshark training and certification are available from
- [18]Wireshark University.
- __________________________________________________________________
+ Official Wireshark training and certification are available from
+ Wireshark University[12].
-Frequently Asked Questions
+ Frequently Asked Questions
- A complete FAQ is available on the [19]Wireshark web site.
- __________________________________________________________________
+ A complete FAQ is available on the Wireshark web site[13].
- Last updated 2015-05-28 18:47:50 UTC
+ Last updated 2019-01-20 08:14:50 UTC
-References
+ References
- 1. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10896
- 2. https://www.wireshark.org/download.html
- 3. https://www.wireshark.org/download.html#thirdparty
- 4. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1419
- 5. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1516
- 6. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=1814
- 7. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2234
- 8. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9044
- 9. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3528
- 10. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4035
- 11. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4056
- 12. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4357
- 13. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4985
- 14. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9914
- 15. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=10488
- 16. https://ask.wireshark.org/
- 17. https://www.wireshark.org/lists/
- 18. http://www.wiresharktraining.com/
- 19. https://www.wireshark.org/faq.html
+ 1. 1
+ 2. 2
+ 3. 3
+ 4. 4
+ 5. 5
+ 6. 6
+ 7. 7
+ 8. 8
+ 9. 9
+ 10. 10
+ 11. 11
+ 12. 12
+ 13. 13